I also don't get it, why do certificates need to expire?

1) To encourage good security practices in the event of compromise or technical improvements. Original '90s "export approved" SSL certificates were only 56-bits. If sites still used those today, they could be easily cracked.

2) To guarantee a recurring revenue stream for TLS/SSL issuers. Originally certificates were $50 to $100/year and there was a big process around renewal and verification. I remember having to fax in corporate paperwork. What a pain!

I bet some guy with a ton of badges on his suit is asking the exact question in some Pentagon boardroom right now.

Since revocation is also a big pain.